This page provides basic information about logs and their structure in Cloud Logging.
Logging receives, indexes, and stores log entries from many
sources, including Google Cloud, Amazon Web Services (AWS), VM instances
running the Logging
fluentd agent, and
Logging represents logs using a single data
LogEntry which defines certain common data for all log entries as well as
carries individual payloads.
Log entry structure
Every log entry in Logging is an object of type
LogEntry that is characterized by the following information:
- The Google Cloud project or organization that contains the log entry.
- The resource to which the log entry applies. This consists of a resource type from the Monitored resource list and additional values that denote a specific instance.
- A log name.
- A timestamp.
- A payload, which can be a textPayload, a jsonPayload, or (for GCP services) a protoPayload.
Google Cloud logs available in Logging
Google Cloud logs are application-specific logs that can help you debug and troubleshoot issues, as well as understand the software that Google Cloud runs on your apps.
The Google Cloud logs available in Cloud Logging vary depending on which Google Cloud resources you are using in your project. To learn more, visit the Google Cloud documentation home and select the appropriate product or service.
Cloud Audit Logs includes three types of audit logs: Admin Activity, System Event, and Data Access.
Cloud Audit Logs provide audit trails of all administrative changes and, optionally, data accesses of your Google Cloud resources by other users. Cloud Audit Logs let you alert on security abnormalities to remediate incidents and satisfy compliance requirements.
For a list of Google Cloud services that write audit logs, see Google services with audit logs.
For more information about audit logging, see Cloud Audit Logs.
Access Transparency logs
Access Transparency provides you with logs of actions taken by Google staff when accessing your Google Cloud resources. Access Transparency logs help you verifying that Google is accessing your data only for valid business reasons, and to track compliance with your organization's legal and regulatory requirements.
For a list of Google Cloud services that write Access Transparency logs, see Google services with Access Transparency logs.
For more information, including how to enable Access Transparency logs, see Access Transparency.
The Logging agent is a
fluentd based process that runs on
supported VM instances.
The Logging agent sends system and third-party logs on the VM instance to Cloud Logging, where they appear as separate logs. For more information, see Default logging agent logs.
There are several ways to view your log entries:
- To read log entries using the Google Cloud Console, see the Logs Viewer overview, Viewing logs.
- To read log entries through the Logging API, see entries.list.
- To read log entries using the
gcloudcommand line, see Reading log entries.
You can control how your log entries are ingested, stored, and routed. The Logs Router checks each log entry against existing rules to determine which log entries to discard, which log entries to ingest (store) in Cloud Logging, and which log entries to include in exports to other destinations.
For details, see Logs Router overview.
Individual log entries are kept for a specified length of time and are then deleted. The Logging quota policy explains how long log entries are retained.
For information on logs pricing, see Operations Pricing.